Insights

From Facebook to Fortnite: Notable Security Breaches of 2019 (so far)

Data is valuable, but it is also vulnerable. This year has seen a considerable rise in data breaches, and businesses need to be more vigilant than ever before – or suffer the consequences. These range from fines to downtime, and loss of customer loyalty, not to mention how the exposure of online records can have devastating consequences for users.

The fact of the matter is this – data breaches are a matter of ‘if’ and not ‘when’. Breaches occur, and every business needs not only a great cybersecurity plan that encompasses every user and digital technology across their organisation, but also an effective and reliable backup and recovery plan. Both must comply with existing legislation and be agile enough to adjust to new compliance standards and advances in threat exposure.

Something important to realise is this; every company is vulnerable, and vulnerabilities exist in unexpected places. We are only halfway through the year, and already hundreds of millions of users across the globe have fallen victim some form of cyber attack.

These are, in our opinion, the most notable attacks of 2019 so far:

Facebook: 540 - 600 Million affectedLikely the most newsworthy breach of 2019 (so far) has been that of Facebook, where the personal records of over 540 million users were exposed. Security experts found the data of these users on unsecured and publically accessible databases, much like First American. This breach occurred in April, while in March, the social media giant admitted to failing to secure the passwords of over 600 million users since 2012.

Quest Diagnostics: 12 million affected: Clinical laboratory Quest Diagnostics announced on June 3, 2019, that an unauthorised user had accessed the medical records and personal details of up to 12 million customers. It is suspected that a billing vendor used by Quest was exploited for the attack to occur, and both the vendor and the company are still working to understand the full effect of the breach.

LabCorp: 7.5 million affectedThe day after Quest Diagnostics was breached, LabCorp also suffered a major security incident. LabCorp deals with highly sensitive medical records and was using the same billing vendor as Quest when the attack occurred. Names, addresses, birth dates, banking, and other private information is amongst the compromised data.

Canva: 139 million affectedPopular graphic design tool Canva experienced a massive cyber attack in May, affecting 139 million of its users. The breach targeted email addresses and passwords but did not compromise credit card details.

First American: 886 million affectedFortune 500 company First American Financial Corp had customer bank account numbers, mortgages, statements, and tax records dating back to 2003 affected in a massive data breach on May 25, 2019. 885 million records were leaked to the public, and the company is still working to assess the full extent of the damage.

Fortnite: UnknownPopular videogame Fortnite suffered a breach early in the year, exposing players to hacking which allowed malicious actors to take over the account of any player. This allowed them to view personal information, purchase in-game currency, and listen in on game chatter. It is unknown how many users were affected, but the game has over 200 million users worldwide, and over 80 million active users every month – many of these being under the age of 18.

With all this going on, businesses often wonder if they can do anything to stop data breaches. The answer is 'kind of'. Breaches are going to occur regardless, but it is how companies prepare for and respond to them that makes the biggest difference. The first step toward security success is to understand your security landscape and then become prepared to defend and recover it.